Simplified LDAP Setup using FreeIPA on Unraid & Fedora

IBRACORP


Want to have your own LDAP server but don't want to use Windows Server or Active Directory? Take a look at FreeIPA. World-class security standards rolled up into a free and open-source product based on Linux.
In this video, we'll install it as a VM on unRAID using Fedora 33 Server Edition. I'll show you a few Fedora tips and tricks and explain how everything works. It's a little long with the explanation, but you can skip straight to the installation if you prefer.
🤖 COMMANDS
Sign in as ROOT
systemctl enable --now cockpit.socket
firewall-cmd --add-service=freeipa-ldap --add-service=freeipa-ldaps
firewall-cmd --add-service=freeipa-ldap --add-service=freeipa-ldaps --permanent
dnf -y install freeipa-server
sudo reboot
sudo nano /etc/hosts
sudo reboot
ipa-server-install --mkhomedir
Fedora 33: getfedora.org/en/server/downl...
FreeIPA: www.freeipa.org/page/Quick_St...
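An added pre-flight check for the /etc/hosts step in the command list (not from the video or the FreeIPA project). It assumes that edit maps the server's fully qualified hostname to its LAN address, since ipa-server-install refuses a hostname that resolves to loopback; the function name, return codes and example.test entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: check an /etc/hosts-style file before ipa-server-install.
# Function name, return codes and sample data are hypothetical.

# check_ipa_hosts FQDN HOSTS_FILE
#   0 = ok                      1 = name has no domain part
#   2 = no entry for the name   3 = name maps to a loopback address
#   4 = FQDN is not the first (canonical) name on its line
check_ipa_hosts() {
    fqdn=$1
    hosts_file=$2

    case $fqdn in
        *.*) ;;              # e.g. ipa.example.test
        *) return 1 ;;       # a short name such as "ipa"
    esac

    awk -v name="$fqdn" '
        { sub(/#.*/, "") }                    # drop comments
        NF < 2 { next }                       # skip blank or malformed lines
        {
            for (i = 2; i <= NF; i++) {
                if (tolower($i) != tolower(name)) continue
                found = 1
                if ($1 ~ /^127\./ || $1 == "::1") loopback = 1
                if (i != 2) notfirst = 1
            }
        }
        END {
            if (!found)   exit 2
            if (loopback) exit 3
            if (notfirst) exit 4
            exit 0
        }
    ' "$hosts_file"
}

# Constructed sample file; addresses and names are placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1     localhost localhost.localdomain
127.0.1.1     ipa-bad.example.test ipa-bad
192.168.1.50  ipa.example.test ipa    # LAN address, FQDN first
EOF

for h in ipa.example.test ipa-bad.example.test ipa missing.example.test; do
    rc=0
    check_ipa_hosts "$h" "$sample" || rc=$?
    echo "$h -> $rc"
done
rm -f "$sample"
```

On the real server, call it as `check_ipa_hosts "$(hostname -f)" /etc/hosts` before running the installer.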
🚀 Timestamps:
0:00 Intro
0:53 What is LDAP
3:15 What is FreeIPA
6:35 Network Map
9:50 Requirements
11:23 Fedora 33
11:45 ISO
12:26 Create VM
14:45 Install Fedora
20:36 Install FreeIPA
27:55 Fedora Cockpit
29:55 Access FreeIPA
32:50 Integrate Authelia
33:45 Walkthrough UI
36:57 Final words

Comments: 92
@joshjones1289 2 years ago
For those having issues with errors and failed installs, here is what finally worked for me...
Create VM and go through everything as usual until you get to:
ipa-server-install --mkhomedir
Before running that command, I opened up the web interface on :9090 and ran the software updates for everything. Rebooted to get everything up-to-date. Finally ran:
ipa-server-install --mkhomedir
and it worked... 5th time's the charm for me. Good Luck! BTW, I used F35 (the latest) and had over 200 updates within the software before continuing with the install.
@Norkz 2 years ago
I didn't know you posted it on here as well.
@joshjones1289 2 years ago
@Norkz I figured that I might as well... some people don't do Reddit. Glad it worked out.
@IBRACORP 2 years ago
Thanks for the solution! I have pinned this comment for future users to find.
@Edwin1650 2 years ago
@joshjones1289 Thanks man! I was breaking my head trying to figure this out... Life saver!
@StoneyDeniX 2 years ago
Actually you don't have to go through all that, opening web interface etc... Just do the following command before ipa-server-install --mkhomedir:
sudo yum update
That's all.
@IBRACORP 3 years ago
Cheers for watching today's video! Do you like FreeIPA? Do you think it's a worthy opponent to Active Directory? Let us know in the comments
@tmembrino 1 year ago
Thanks much for this! Just set it up using Fedora Server 37 (Feb 2023) and working great! This is fantastic! And what a great add-on to your Authelia setup video. You all rock!
@scooter4196 1 year ago
Thanks for being complete and explaining things clearly. I've been exploring using this over AD for our test lab and this seems to be what I'm looking for. THANK YOU AGAIN!!!!
@AwesomeOpenSource 3 years ago
This was an absolutely terrific run through the FreeIPA stuff. I need to get back to FreeIPA and now I'm feeling inspired to make some time.
@IBRACORP 3 years ago
Thank you mate you inspired this one, appreciate the support
@chrisumali9841 3 years ago
Thanks for the demo and info. The network map is awesome, have a great day
@IBRACORP 3 years ago
Thank you mate same to you!
@geyoda64 3 years ago
Fantastic, I've been waiting for this. Thank you very much!
@IBRACORP 3 years ago
My pleasure mate thanks for coming back and checking it out!
@geyoda64 3 years ago
@IBRACORP Now that I watched it: does this work/integrate with the LDAP interface of Nextcloud/Emby/Jellyfin...? If yes, could you go over an example, as I'm really new to LDAP or AD.
@IBRACORP 3 years ago
Yes it does. I use it with Nextcloud, Organizr, Jellyfin and more. I will do a follow up video with configuring those apps
@geyoda64 3 years ago
@IBRACORP Amazing. Thanks again for the great tutorials!
@ScofieldMuliru 1 year ago
Thank you so much for preparing this tutorial. Really helpful.
@DillonG959 2 months ago
That popup at around 30 mins was because it was looking for Kerberos creds.
@mariobraun7568 3 years ago
You are a legend! Thanks so much. Will dive right in after work
@IBRACORP 3 years ago
My pleasure thank you for watching mate
@IBRACORP 3 years ago
And a big thank you for your donation, really appreciate it.
@BerkeleyTowers 3 years ago
Brilliant.... buzzing that it all works........ now I just need to go and find a reason to have it!
@IBRACORP 3 years ago
Good luck with that one Paul, that's what we all try to tell ourselves :)
@JuniorReveron 3 years ago
Yes do one on Active Directory to see the difference between FreeIPA and Windows Server.
@anihilat 3 years ago
Nice video. Keep doing it! :)
@IBRACORP 3 years ago
Cheers mate thanks for watching!
@OldManWrigley 2 years ago
Can confirm, August 2022 got it working on Fedora 36. What a fantastic video
@IBRACORP 2 years ago
Thank you!
@lifeofrandom1770 1 year ago
I am still stuck on the certificate, a normal cert from Let's Encrypt will not work. I have my own that I purchased but nginx requires a key file which I do not have and never had. How would I either just use a Let's Encrypt cert or find the key file for my cer?
@mrsvard417 1 year ago
For anyone having issues with not being able to edit the hosts file with "sudo nano /etc/hosts", you might not have the nano text editor installed, type "yum install nano" and it should fix the problem.
@NicoDeclerckBelgium 3 months ago
The biggest problem with most of these videos is losing track of the essentials. Can I use LDAP as a user database separately from Kerberos? That's the main and very first question to be answered, that sadly remains unanswered before we get to the installation and I gave up... 😢. One thing I do appreciate in this video is actually the honesty, and also the mention that FreeIPA is very badly documented.
@filiecs3 2 years ago
What about configuring it so that you can authenticate an application like Authelia or Keycloak using LDAPS instead of just LDAP? I need to authenticate applications that are on different servers at different locations and want to do it securely.
@kooplah6981 2 years ago
FYI as of writing, both "freeipa-ldap" and "freeipa-ldaps" are deprecated and can both be replaced with "freeipa-4"
@hiteshsaini7184 3 years ago
Hello sir, can you tell us how to set up FreeIPA with HTTPS without the invalid certificate error on a cloud server?
@MrMischelito 3 years ago
Really, who wouldn't like a free IPA??? Cheers!
@IBRACORP 3 years ago
Cheers!
@savageaus81 3 years ago
Great video, had it running at one point but then redid it and now I cannot get it to install. I keep getting the following:
The IPA Server Hostname cannot be a CNAME, only A and AAAA names are allowed.
The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
Hostname is set as ipa.myserver.xyz (obviously myserver is replaced with my actual domain). Using a Fedora 33 server VM on Unraid. CNAME set in Cloudflare and nginx proxy manager.
@Neo198431 1 year ago
How would this work out for an Active Directory solution and file sharing with a few windows clients?
@ibrahimsalah1436 3 years ago
Can you please make a video how to certificate authority? to FreeIPA?
@bcfrutuozo 2 years ago
I did exactly as the video is showing, but when I try to access my domain I got a NET::ERR_CERT_AUTHORITY_INVALID error. Did anyone experience the same?
ipa**** uses encryption to protect your information. When Microsoft Edge tried to connect to ipa.***** this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be ipa.*****, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Microsoft Edge stopped the connection before any data was exchanged.
You can't visit ipa.***** right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.
@strongyp 3 years ago
Using an SSH key pair would have been a much better idea than allowing login to root with a password. Other than that, nice video. The basic Auth could be something in nginx proxy manager.
@IBRACORP 3 years ago
That's a fair point and I was not aware. Thanks for teaching something new and watching
@strongyp 3 years ago
@IBRACORP OK, after a lot of digging, I think I finally found a fix for the basicAuth box. It's apparently FreeIPA trying to use single sign on, and Chrome/Edge apparently does not have a clue about what is going on, so they just pop up a login box.
Edit:
sudo nano /etc/httpd/conf.d/ipa-rewrite.conf
Dump this at the bottom of the file and restart the httpd service:
RewriteCond %{HTTP_COOKIE} !ipa_session
RewriteCond %{HTTP_REFERER} ^(.+)/ipa/ui/$
RewriteRule ^/ipa/session/json$ - [R=401,L]
RedirectMatch 401 ^/ipa/session/login_kerberos
sudo /sbin/service httpd restart
This fixed the problem for me.
@IBRACORP 3 years ago
Mate you are a legend! That stupid box was driving me crazy. I will try this when I get home later today, thanks for coming back with a solution!
@blindside995 3 years ago
@strongyp Would you mind sharing briefly if you could how you fixed it?
@filiecs3 1 year ago
@strongyp Unfortunately, this did not seem to work for me.
@yunusdestanci 2 years ago
Hello, first of all, thank you very much. I get such an error after installation, how can I solve it? (404 Not Found nginx/1.18.0)
@Aceriz 3 years ago
Hey wondering was setting this up. I set up the encryption in fedora as you mentioned. But note that if I were to restart the VM would need to manually punch in the password.. thoughts about this given desire to have VM autostart in array start.
@IBRACORP 3 years ago
Interesting point. I guess that is up to you but in my case I wouldn't want to do that.
@Aceriz 3 years ago
@IBRACORP Ya I was having difficulty with this.. as it doesn't allow for a more seamless autostart of the VM and the dockers... so won't use the encryption for now
@malvincarroll4171 2 years ago
I have gone through this video several times now and continuously get stuck on updating the hosts file with nano. I get an error each time that says nano is not installed. Any suggestions?
@texanallday 2 years ago
"dnf up" then "dnf install nano"
@B3nD0t 1 month ago
@IBRACORRP I'm trying to set up with radius, but can't achieve that. I'd really like to see the Authelia integration with FreeIPA
@alexalex-jy4tv 3 years ago
Did you try to use nested group with freeipa and have authelia successfully get all groups for a given user?
@IBRACORP 3 years ago
not yet! any examples?
@stefanlaterra5797 1 year ago
Anyone else experiencing issues on version 36? Upon installation I don't have the same menu items to add my hostname, adjust network settings.
@stefanlaterra5797 1 year ago
nevermind downloaded the wrong ISO
@xruchai 3 years ago
Again a very good video, thank you! I have only, once again a problem... I did everything as you explained and then wanted to include LDAP/LDAPS in my Nextcloud. Unfortunately, no matter what I do, it doesn't work. Either it hangs in an infinite loop while checking or nothing happens. Can you maybe make a video about this too (basically embedding in NC and other interesting apps), SSO would also be very awesome? You explain it with Authelia but on local/internal level, not from WEB :(. Would be really awesome if you could support here :)! Oh and thanks for your last answer, has helped me a lot and solved the problem ;)
@IBRACORP 3 years ago
This is a bug with nextcloud we've been waiting for them to fix to do our next video on it :) I'm glad you're enjoying the content and thank you for the suggestions!
@xruchai 3 years ago
@IBRACORP That explains a lot xD. Then I'm curious and thank you for the answer ;). I have Unraid longer at home in use but am not so deep in the matter of knowledge. Professionally I have to do more with Microsoft... but I should really deal with it more deeply (if time would be) ^^''. Since your videos come among other things just right :).
@hawks48 3 years ago
Been a subscriber for a while and love your stuff. Just a small request, can you use a diff resolution for your videos? It's hard to make out all the details with my mobile device... maybe it's just me.
@IBRACORP 3 years ago
Thank you Dave much appreciated. You know what you're not the only one to mention it so I'll look into how to make things nice and big in future. Still learning editing!
@hawks48 3 years ago
@IBRACORP the content is fantastic and really appreciated!
@propeto13 3 years ago
hello, have we figured out how to disable the browser prompt?
@IBRACORP 3 years ago
Yep! I have pinned the comment for people to see now.
@baxlash81 2 years ago
This is a great video, but the font size in the PuTTY terminal is so tiny that one can barely read it. Could you please use a bigger font in the future videos?
@IBRACORP 2 years ago
Yes most definitely. This was an early one for me so some lessons learned. Cheers!
@A1994SC 2 years ago
My plans are to use the Raspberry Pi that I run my certificate authority on. I figured that it would make sense to do that
@IBRACORP 2 years ago
Why not?!
@IBRACORP 2 years ago
That's awesome thanks for sharing. Might do this myself actually
@martinlabat8163 3 years ago
Very nice video! Is it possible to run freeipa on a docker on unraid?
@IBRACORP 3 years ago
It is but I don't recommend
@stayupthetree 3 years ago
Overall good video, but loses its way around the Authelia integration
@MyKhile 3 years ago
Just a note to anyone trying this: Fedora 34 is not compatible with IPA in this guide and will fail, use 33
@EderMorales18 2 years ago
I can't seem to be able to find fedora 33, do you have a link?
@ironwoodoverland 2 years ago
Yeah I tried to install this multiple times using 34 and then found this comment, pretty frustrating. About to give it a go now with 33.
@dylansteil7325 2 years ago
@ironwoodoverland Been going on 2 days.... I finally found this comment. Here we go.
@ironwoodoverland 2 years ago
@dylansteil7325 Did you ever get this to work? I downloaded 33 but got some error about metadata. The closest I've gotten is getting the same errors as the poster named AJ down below.
@dylansteil7325 2 years ago
@Ironwood Overland I have not yet. Same errors on my end with metadata. I am considering trying Active Directory instead.